BoxAid Blog

More Email Accounts Getting Compromised

At BoxAid Online PC Support we get dozens of phone calls about viruses and malware on any given day.  Lately we have been seeing a trend in web based email accounts that have been getting compromised.  This has been common in the past few years but in the past few months even more common than you think.  Unfortunately, once your email account has been compromised your data is at risk and much of the damage has been done.  Typically you get a rude awakening when y0u attempt to login to your Gmail account and receive a message that your password is not recognized or Google gives you a message that your account may have been compromised.  At this point the end user is scrambling on what to do after their email has been hacked and that is when we get the phone call at BoxAid.  We can help you get back into your account by going through the recovery process but first we wanted to discuss the most common reasons these accounts are getting infiltrated in the first place.There are many methods of a malicious user getting your username and password but below are the most common methods.  Make sure you do not fall into any of the following categories and if your account has already been stolen it probably occurred in one of the following ways:

Phishing

Phishing is one of the most popular techniques of getting usernames and password from unsuspecting users today.  Phishing is nothing more than a malicious user sending out thousands (sometimes millions) of emails to random email addresses that trick the user into willingly giving their information to the malicious user by responding to the email in a way that reveals the username and password of an account.  Here are a  fe things to look for:

• The email asks you to provide your username and password or other personal information (e.g. Social Security number, bank account number, credit card number, mother’s maiden name, or birthday). Even if they appear to be from a legitimate source such as your Bank, or Cable company, or contain an official-looking webpage, be careful.   Spammers often ask for this information in an attempt to steal your email address, your money, your credit, or your identity.
• You might see a warning from your email when you open one of these messages. While there is no email account such as Gmail or Yahoo that is perfect at detecting phishing, they usually give you some kind of warning like the source of this email can not be confirmed.

Always be wary of any message that asks for your personal information.  No legitimate company such as your Bank will email you and ask you for any personal information.  They know better.  If there is any doubt at all on the authenticity of the email then you should delete it.  Again, phishing is one of the most common methods that an attacker compromises your email address or even worse, your bank account.  Take a look at this video to see how to easily detect phishing.

Simple to Guess Passwords

If no one has ever told you that you shouldn’t be using simple passwords for your online accounts then you must be living under a rock.  Make sure you don’t use stuff like “mykidsname123″ or “gogiants111″.  These passwords can easily be defeated by programs that specialize in guessing your passwords.  In addition, don’t use the same username and password across multiple accounts like Facebook and your bank account.  These two have nothing to do with each other.  So make sure the passwords and usernames are not related.  Here’s some more tips:

• Don’t use characters that repeat like “555″ or “aaa”
• Be creative and don’t use words that can be found in a dictionary since those are the easiest to guess
• Use at least eight characters, the more characters the harder it is to guess
• Don’t use a password that you have used elsewhere.
• Don’t use keyboard patterns (asdf) or sequential numbers (1234).
• Create an acronym. Don’t use a common one, like NASA or SCUBA. Combine it with numbers and punctuation marks.
• Include punctuation marks and numbers. Mix capital and lowercase letters.
• Include similar looking substitutions, such as the number zero for the letter ‘O’ or $ for the letter ‘S’.
• Include phonetic replacements, such as ‘Luv 2 Laf’ for ‘Love to Laugh.’
• Don’t make your password all numbers, all uppercase letters, or all lowercase letters.
• Find ways of collecting random letters and numbers, such as opening books, looking at license plates or taking the third letter from the first five words you see
• Don’t use a password that is listed as an example of how to pick a good password.

Keyloggers, Viruses and Malware

Finally the last category we want to cover is Keyloggers, Viruses and Malware.  This category is difficult to measure because we know there are thousands of new viruses coming out on a daily basis and you may have a leading anti-virus solution as McAfee or Symantec but the reality is that its taking these companies as long as 10 or 15 days to find new viruses.  During that 10 or 15 day window while your anti-virus products is doing nothing, the malware writer has collected all your usernames and passwords using his/her software that is quietly running on your machine.  That data is all sent across the Internet to their central server.  Finally your anti-virus product starts to pick up this new virus and removes it.  That’s great but your usernames and passwords have already been stolen.  So the process for being protected by your antivirus product looks something like this:

• Malware writer writes a new virus and starts releasing it across the world
• Anti-virus companies have no protection for this new virus because its newly released
• Thousands of machines are getting infected daily and their anti-virus is doing nothing
• Finally someone technical sees the new virus symptoms and catches the file submitting it to their anti-virus vendor
• AV vendor writes a signature to give all their customers protection from this new virus
• AV vendor shares this signature with other AV vendors like Symantec, McAfee, Trend, and Kaspersky
• Depending on which AV product you have you finally get protection to stop this virus 10 to 15 days after it came out

Again, there are multiple ways of getting your email accounts compromised and there are many vectors on how this may occur but more importantly you need to make sure it does not happen to you by following some basic rules that we mentioned above.  Of course we didn’t mention the really obvious things like don’t share your passwords with others including family members, avoid public terminals or computers like Internet cafes, or the Library.  These places are dangerous and often have keyloggers installed that will monitor every single key you type.  Finally, if you really want to be safe, you can always go back to sending letters through the post office, stamps are very affordable

Like our post? Leave us a comment below and make sure you visit our home page http://www.boxaid.com

Be Sociable, Share!

• 

About George Dover

George Dover is one of the Microsoft Certified Technicians that works at BoxAid.com. He is the primary blog contributor and has helped thousands of customers calling into BoxAid on a daily basis. Connect with me on Google+

Mail | More Posts (27)